ByteOS Network

Vulnerability Details :

CVE-2008-5031

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-10 Nov, 2008 | 16:00

Updated At-07 Aug, 2024 | 10:40

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:10 Nov, 2008 | 16:00

Updated At:07 Aug, 2024 | 10:40

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c	x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200907-16.xml	vendor-advisory x_refsource_GENTOO
http://secunia.com/advisories/33937	third-party-advisory x_refsource_SECUNIA
http://scary.beasts.org/security/CESA-2008-008.html	x_refsource_MISC
http://secunia.com/advisories/37471	third-party-advisory x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2008/11/05/3	mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2008/11/05/2	mailing-list x_refsource_MLIST
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM
http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
http://svn.python.org/view?rev=61350&view=rev	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	vendor-advisory x_refsource_APPLE
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/46612	vdb-entry x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564	vdb-entry signature x_refsource_OVAL
http://secunia.com/advisories/35750	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280	vdb-entry signature x_refsource_OVAL
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/3316	vdb-entry x_refsource_VUPEN

Hyperlink: http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

Resource:

x_refsource_CONFIRM

Hyperlink: http://security.gentoo.org/glsa/glsa-200907-16.xml

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://secunia.com/advisories/33937

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://scary.beasts.org/security/CESA-2008-008.html

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/37471

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/3

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/2

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://support.apple.com/kb/HT3438

Resource:

x_refsource_CONFIRM

Hyperlink: http://svn.python.org/view?rev=61350&view=rev

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46612

Resource:

vdb-entry

x_refsource_XF

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://secunia.com/advisories/35750

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.vupen.com/english/advisories/2009/3316

Resource:

vdb-entry

x_refsource_VUPEN

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c	x_refsource_CONFIRM x_transferred
http://security.gentoo.org/glsa/glsa-200907-16.xml	vendor-advisory x_refsource_GENTOO x_transferred
http://secunia.com/advisories/33937	third-party-advisory x_refsource_SECUNIA x_transferred
http://scary.beasts.org/security/CESA-2008-008.html	x_refsource_MISC x_transferred
http://secunia.com/advisories/37471	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.openwall.com/lists/oss-security/2008/11/05/3	mailing-list x_refsource_MLIST x_transferred
http://www.openwall.com/lists/oss-security/2008/11/05/2	mailing-list x_refsource_MLIST x_transferred
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM x_transferred
http://support.apple.com/kb/HT3438	x_refsource_CONFIRM x_transferred
http://svn.python.org/view?rev=61350&view=rev	x_refsource_CONFIRM x_transferred
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	vendor-advisory x_refsource_APPLE x_transferred
http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/46612	vdb-entry x_refsource_XF x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564	vdb-entry signature x_refsource_OVAL x_transferred
http://secunia.com/advisories/35750	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280	vdb-entry signature x_refsource_OVAL x_transferred
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c	x_refsource_CONFIRM x_transferred
http://www.vupen.com/english/advisories/2009/3316	vdb-entry x_refsource_VUPEN x_transferred

Hyperlink: http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://security.gentoo.org/glsa/glsa-200907-16.xml

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://secunia.com/advisories/33937

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://scary.beasts.org/security/CESA-2008-008.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/37471

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/3

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/2

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://support.apple.com/kb/HT3438

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://svn.python.org/view?rev=61350&view=rev

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Resource:

vendor-advisory

x_refsource_APPLE

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46612

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://secunia.com/advisories/35750

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2009/3316

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:10 Nov, 2008 | 16:15

Updated At:25 Oct, 2019 | 11:53

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Python Software Foundation

>>python>>2.2.3

cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*

Python Software Foundation

>>python>>2.3.7

cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*

Python Software Foundation

>>python>>2.4.6

cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*

Python Software Foundation

>>python>>2.5.1

cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

CWE ID: CWE-189

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	cve@mitre.org	N/A
http://scary.beasts.org/security/CESA-2008-008.html	cve@mitre.org	N/A
http://secunia.com/advisories/33937	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/35750	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/37471	cve@mitre.org	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200907-16.xml	cve@mitre.org	N/A
http://support.apple.com/kb/HT3438	cve@mitre.org	N/A
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c	cve@mitre.org	N/A
http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c	cve@mitre.org	N/A
http://svn.python.org/view?rev=61350&view=rev	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2008/11/05/2	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2008/11/05/3	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/507985/100/0/threaded	cve@mitre.org	N/A
http://www.vmware.com/security/advisories/VMSA-2009-0016.html	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2009/3316	cve@mitre.org	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46612	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564	cve@mitre.org	N/A

Hyperlink: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://scary.beasts.org/security/CESA-2008-008.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/33937

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/35750

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/37471

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://security.gentoo.org/glsa/glsa-200907-16.xml

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://support.apple.com/kb/HT3438

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://svn.python.org/view?rev=61350&view=rev

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/2

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2008/11/05/3

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2009/3316

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46612

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564

Source: cve@mitre.org

Resource: N/A

Similar CVEs

56Records found

CVE-2008-5237

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-5.76% / 90.12%

7 Day CHG~0.00%

Published-26 Nov, 2008 | 01:00

Updated-07 Aug, 2024 | 10:49

Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.

Vendor-xine n/a

Product-xine n/a

CWE ID-CWE-189

Not Available

CVE-2008-4061

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-10||HIGH

EPSS-1.43% / 79.85%

7 Day CHG~0.00%

Published-24 Sep, 2008 | 18:00

Updated-07 Aug, 2024 | 10:00

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.

Vendor-n/a Canonical Ltd.Mozilla Corporation Debian GNU/Linux

Product-ubuntu_linux debian_linux thunderbird firefox seamonkey n/a

CWE ID-CWE-189

Not Available

CVE-2008-4220

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-0.89% / 74.59%

7 Day CHG~0.00%

Published-17 Dec, 2008 | 01:00

Updated-07 Aug, 2024 | 10:08

Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.

Vendor-n/a Apple Inc.

Product-mac_os_x_server mac_os_x n/a

CWE ID-CWE-189

Not Available

CVE-2007-6355

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-1.01% / 76.17%

7 Day CHG~0.00%

Published-18 Dec, 2007 | 20:00

Updated-07 Aug, 2024 | 16:02

Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.

Vendor-aertherwide n/a

Product-exiftags n/a

CWE ID-CWE-189

Not Available

CVE-2007-6149

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-31.10% / 96.59%

7 Day CHG~0.00%

Published-13 Feb, 2008 | 20:00

Updated-07 Aug, 2024 | 15:54

Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.

Vendor-n/a Adobe Inc.

Product-connect_enterprise_server flash_media_server_2 n/a

CWE ID-CWE-189

Not Available

CVE-2008-1948

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-10||HIGH

EPSS-23.88% / 95.80%

7 Day CHG~0.00%

Published-21 May, 2008 | 10:00

Updated-07 Aug, 2024 | 08:41

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Vendor-n/a GNU

Product-gnutls n/a

CWE ID-CWE-189

Not Available

CVE-2008-5031

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs